Cyber-Attacks: Where Are They Coming From? And Where Are They Going?

Cyber-attacks have become commonplace in the modern connected world. Over the years, the geography and volume of attacks have evolved as the Internet itself has evolved. Attack traffic now comes from every corner of the world, though some countries are responsible for more volume than others. According to Akamai's second-quarter 2013 "State of the Internet" report, Indonesia is now the top origination source for attack traffic, based on IP address. Indonesia is responsible for 38 percent of attack traffic, followed in second place by China, which accounts for 33 percent of attack traffic. AlienVault's Open Threat Exchange data for October provides a different viewpoint. AlienVault reports that China has more malicious IP addresses than any other country in the world, followed in second place by the United States. An increasingly common form of attack is the distributed denial-of-service (DDoS) attack, according to data from Arbor Networks, with the volume of high-bandwidth attacks steadily increasing. In this slide show, eWEEK examines key data points from the Akamai, AlienVault and Arbor Networks reports.

By Sean Michael Kerner

China Has the Most Malicious IP Addresses, Claims AlienVault

According to AlienVault's latest Open Threat Exchange (OTX) snapshot, China tops the list of countries with the most reported malicious IP addresses.

Indonesia Is the Top Country for Attack Traffic, Says Akamai

In contrast with AlienVault's findings, the second-quarter Akamai "State of the Internet" report found that Indonesia is the top country for attack traffic, with 38 percent of attack traffic originating there. China is second at 33 percent, with the U.S. a distant third at only 6.9 percent.

Denial-of-Service Attacks Targeting the Americas

While attacks can come from any corner of the world, Akamai found that the vast majority of distributed denial-of-service (DDoS) attacks were against organizations in the Americas.

Most DDoS Attacks Are Less Than 1G bps

According to the third-quarter 2013 attack report from Arbor Networks, most DDoS attacks consume less than 1G bps of attack bandwidth.

DDoS Attack Bandwidth Is Growing

Although attacks of less than 1G bps currently represent the majority of DDoS attacks, larger bandwidth attacks are growing. According to Arbor Networks, attacks of between 2G and 10G bps now represent 37 percent of all DDoS attacks.

Most DDoS Attacks Last Less Than 30 Minutes

According to Arbor Networks, the majority of DDoS attacks are short-lived, lasting 30 minutes or less.

Port 80 Is the Most Attacked Server Port

It should come as no surprise that Port 80 is identified by Arbor Networks as being the most attacked server port. Port 80 is the primary operating system port used for all Web traffic on devices and servers. When it comes to the most attacked ports after Port 80, other vendors have different views.

SSL on Port 443 Is Often Attacked

As is the case with the Arbor Networks data, Akamai's "State of the Internet" report also found Port 80 to be the most attacked port. The Akamai report found that Port 443, which is used for Secure Sockets Layer (SSL) encryption, is the second most attacked port.